
This guide will walk you through setting up CentOS 7 to use an LDAP directory server for authentication. A separate guide covers LDAP authentication with CentOS 8.

I am assuming you have a directory server up and running. If you don't, you can follow these two guides to install and configure OpenLDAP:

Install OpenLDAP From Source – CentOS 7

First, you need to install and configure an LDAP pluggable authentication module (PAM), an LDAP name service switch (NSS) module, and a caching service. I prefer nss-pam-ldapd because it is available in the OS repositories and straightforward to configure. It is what the examples in this guide will use. Install the necessary packages by running the following command:

yum install nss-pam-ldapd openssl nscd

TLS CA Certificates

I recommend using TLS for your connections to your directory server(s). If you don't, user names and passwords will be sent through the network unencrypted. If you opt not to use TLS, skip this section.

If your directory server certificate was obtained from one of the well known certificate authorities, you can probably use your system's trusted certificate authority (CA) certificate list. On CentOS 7, this is /etc/ssl/certs/ca-bundle.crt (a symlink to the bundle shipped by the ca-certificates package). Read the comment regarding tls_cacertfile in the example nslcd.conf file. If your directory server is using a certificate issued by one of the well known CAs, then you are done with this section.

If you are using a self-signed certificate or an in-house certificate authority, you will need to get a copy of the CA certificate that was used to sign the directory server(s) certificates.

Local CA

Contact your CA administrator and ask them for the CA certificate in PEM format.
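The TLS settings this section leads up to, as an added example that is not part of the original guide: a small POSIX shell lint that reads an nslcd.conf and refuses it unless the directory connection is encrypted, the server certificate is verified, and tls_cacertfile points at a readable PEM file. The directive names (uri, ssl, tls_reqcert, tls_cacertfile) are the real nss-pam-ldapd ones; tls_reqcert goes one step beyond what the guide mentions, because without it a CA file alone does not force verification. The host name, the sample configurations and the placeholder CA file are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original guide: lint the TLS-related
# directives of an nss-pam-ldapd nslcd.conf before turning LDAP logins on.
# Directive names are the real nslcd.conf ones; everything fed to the
# function below is constructed for this example.

# Read an nslcd.conf on stdin. Return 0 when the directory connection is
# encrypted AND the server certificate will be verified against a PEM CA
# file, 1 otherwise, printing one line per problem found.
check_nslcd_tls() {
    conf=$(cat)
    status=0
    # First field is the directive, second its value; '#' comments never match.
    uri=$(printf '%s\n' "$conf"     | awk '$1=="uri"            {print $2; exit}')
    ssl=$(printf '%s\n' "$conf"     | awk '$1=="ssl"            {print $2; exit}')
    reqcert=$(printf '%s\n' "$conf" | awk '$1=="tls_reqcert"    {print $2; exit}')
    cafile=$(printf '%s\n' "$conf"  | awk '$1=="tls_cacertfile" {print $2; exit}')

    # 1. Is the wire encrypted? Either ldaps:// or ldap:// plus STARTTLS.
    case "$uri" in
        ldaps://*) ;;
        ldap://*)
            if [ "$ssl" != "start_tls" ]; then
                echo "FAIL: $uri without 'ssl start_tls' sends bind passwords in clear text"
                status=1
            fi ;;
        *)  echo "FAIL: no uri directive found"; status=1 ;;
    esac

    # 2. Is the server certificate actually checked? Anything other than
    #    demand/hard lets an impostor directory server harvest credentials.
    case "$reqcert" in
        demand|hard) ;;
        *)  echo "FAIL: tls_reqcert is '${reqcert:-unset}', expected 'demand'"; status=1 ;;
    esac

    # 3. Does the trust anchor exist, and is it PEM (the format nslcd expects)?
    if [ -z "$cafile" ]; then
        echo "FAIL: tls_cacertfile is not set; nothing to verify the server against"
        status=1
    elif [ ! -r "$cafile" ]; then
        echo "FAIL: tls_cacertfile $cafile is missing or unreadable"
        status=1
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cafile"; then
        echo "FAIL: $cafile is not PEM; convert DER with 'openssl x509 -inform DER -in ca.der -out ca.pem'"
        status=1
    fi
    return $status
}

# --- Demo with constructed inputs ----------------------------------------
# Placeholder standing in for the CA certificate your CA administrator hands
# you; a real file carries a base64 body between the two markers.
ca_pem=$(mktemp)
printf -- '-----BEGIN CERTIFICATE-----\n(constructed placeholder body)\n-----END CERTIFICATE-----\n' > "$ca_pem"

weak_conf="uri ldap://ldap.example.com/
base dc=example,dc=com
tls_reqcert never"

hardened_conf="uri ldap://ldap.example.com/
base dc=example,dc=com
ssl start_tls
tls_reqcert demand
tls_cacertfile $ca_pem"

echo "weak config:"
printf '%s\n' "$weak_conf" | check_nslcd_tls || echo "=> rejected"
echo "hardened config:"
printf '%s\n' "$hardened_conf" | check_nslcd_tls && echo "=> accepted"
rm -f "$ca_pem"
```

Run it as `sh check_nslcd_tls.sh`, or source it and pipe the real file in with `check_nslcd_tls < /etc/nslcd.conf`. Once the lint passes, confirm the file really is the CA you expect with `openssl x509 -noout -subject -issuer -in ca.pem` (subject and issuer should match) before restarting nslcd.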
